Releases: hyphanet/fred
Freenet / Hyphanet build 1499: privacy, networking, css, UX, cleanups
User changelog
This release mainly brings improvements in five areas:
- improved privacy protection
- optimized and fixed networking layer
- support for website authors
- better user experience
- clean ups and code purges
Privacy
The privacy improvements are reduced pings and DNS lookups. These make
it less likely that a node gets detected by pings it sends for other
nodes that use DNS addresses to have permanent addresses. Also thanks
to Torusrxxx SSL support is updated and when setting up a node for
access via SSL, unencrypted HTTP links now get upgraded to secured
HTTPS automatically.
Networking
The networking layer got a fix for very fast nodes. On these the bulk
queue could be starved when realtime requests were received faster
than they could be completed. Also bertm fixed bulk backoff getting
ignored.
Juiceman removed unnecessary boxing and unboxing to reduce CPU load
and Torusrxxx improved IPv6 handling.
Website
Torusrxxx also added webp support to the content sanitation (filters),
so you can now use webp images on freesites and depending on the study
reduce the storage by around 30%. Minimizing storage is more critical
on Hyphanet compared to the clearnet, so webp can improve performance
for all sites.
In addition to webp, Torusrxxx also added support for more CSS
keywords: border-{top,bottom}-{left,right}-radius, color-scheme,
dominant-baseline, margin-block, margin-block-end, margin-block-start,
margin-bottom, margin-inline, margin-inline-end, margin-inline-start,
margin-right, math-style, padding-block, padding-block-end,
padding-block-start, padding-inline, padding-inline-end,
padding-inline-start, padding-right, padding-right, padding-top,
padding-top, scroll-behavior, scroll-snap-align, scroll-snap-stop,
scroll-snap-type, text-combine-upright, text-decoration-thickness,
text-orientation, text-underline-offset.
And font settings: monospace, system-ui, ui-serif, ui-sans-serif,
ui-monospace, ui-rounded, emoji, math, fangsong. Color keywords are
now checked case insensitively.
Ban link as well as visited (these can cause requests depending on
interaction), replace with any-link
. Also add more CSS selectors:
default, disabled, empty, enabled, focus-visible, indeterminate,
in-range, invalid, only-child, only-of-type, optional, out-of-range,
placeholder-shown, read-only, read-write, required, root. The
combination of :root
and color-scheme enables settings for
dark-mode. The MIME types image/avif, heic, and heif are now known
(but have no validation).
Also the :checked
selector is now supported, so freesites can have
some CSS-based interactivity.
There’s one loss: Chrome removed Theora support in 2024 and Firefox
followed suit in version 130 (which broke brasilian banking OTPs ).
Firefox ESR (128) will still get support until may 27th 2025. Until
then we need sanitation for modern video formats like vp8 or vp9 and
webm to keep our video on demand (streaming) working.
User experience
There are two improvements of the interface itself: Qupo1 updated the
Japanese localization and bertm polished the bookmark editor and
directory listing in the Winterfacey theme.
And thanks to Bombe the Freemail plugin now has a settings page for
the SMTP and IMAP address and port to use.
The defunct new load management statistics are now gone — thanks to
Torusrxxx. These were just distracting.
When you change the auto-updater key, updates are now checked
instantly, not only after update (for example to get updates via a
testing key for checking an update before release).
And a bug was fixed that could lead to plugins being killed early
during shutdown.
Cleanups
Thanks to qupo1, Christophe, and Bombe, our gradle setup is more up to
date and cleaner.
And thanks to Bombe, Bertm, Venfernand, and Juiceman we purged a lot
of outdated code that is no longer needed on modern JVMs (the code
base once had to work with Java 1) or replaced it with more recent
paradigms. Those make it quite a bit more enjoyable to work with the
affected parts of the code.
Finally qupo1 fixed links and code badges in our readme and Bertm made
sure that our IPv6 preference setting keeps working in Java 24 and
later.
Technical changelog
Privacy and Security
- Reduce pings and DNS lookups — thanks to bertm for the careful review!
- Improve SSL: Fix SSL self-signed certificate, update cipher suite, Add HSTS header setting to upgrade FMS links to HTTPS — thanks to Torusrxxx!
Networking layer and Optimization
- Fix bulk backoff being ignored — thanks to bertm!
- Only prefer the realtime queue to bulk with 90% probability to avoid starving bulk on very fast nodes
- Avoid unnecessary boxing and unboxing — thanks to Juiceman!
- Improve IPv6 handling, thanks to Torusrxxx!
Expanded website support
- Add webp filter, so you can use webp on sites, thanks to Torusrxxx!
- Add many CSS options — thanks to Torusrxxx!
- recognize MIME types image/avif, heic, heif (no filters yet) — thanks to Torusrxxx!
- Do not recommend disabling js helpers in fproxy (these are reviewed, so they can be used)
User Experience
- Update Japanese localization, thanks to qupo1!
- Fix bookmark editor indentation on Winterfacey theme and improve directory listing layout — thanks to bertm!
- Hide no longer relevant new load management statistics, thanks to Torusrxxx!
- Ensure that the updater searches for updates from an updated update key without restart.
- Add more resilient plugin list exception handling to avoid problems on shutdown
Development support
- Update Gradle wrapper validation to latest version — thanks to qupo1!
- Update Gradle to 8.11 thanks to Christophe!
- Fix build info with gradle daemon, thanks to Bombe!
- Avoid duplicate files in jar file and and add checks — thanks to Bombe!
- Fix update.sh version in dependencies.properties (no longer pull in an older version with auto-update)
Cleanup and refresh code
- Kill no longer useful MemoryChecker with 🔥 — thanks to Bombe and bertm for the reviews!
- Remove SHA-256 special case in PluginManager — thanks to bertm!
- Improve MultiValueTable — thanks to venfernand!
- do not check for long gone JVM bugs — thanks to bertm!
- do not intern byte arrays — thanks to bertm!
- reduce stream handling duplication in FileUtil — thanks to bertm!
- replace Logger.OSThread-based PID logging that was always disabled by NOOP — thanks to bertm!
- Remove code related to NLM load sending — thanks to bertm!
- Remove unused but dangerous Logger.fatal(...) method — thanks to bertm!
- Remove gc meddling that hasn’t been necessary for many Java releases
- replace length = 0 checks with isEmpty() — thanks to Juiceman!
Misc
- Simplify peers parsing code
- Fix readme links and code badges — thanks to qupo1!
- Support IPV6_ADDR_PREFERENCES until Java 24 and beyond (move from reflection to unsafe) — thanks to bertm!
- Add copy of the cryptics general license (2-clause BSD)
Plugins
- Freemail plugin: add settings page, thanks to Bombe!
Freenet / Hyphanet 0.7.5 build 1498
Freenet 0.7.5 build 1498 is now available. [overview]
This release resolves the last blocker for Freenet / Hyphanet 0.8 by
providing an official Debian package. Additionally it optimizes the
networking and data transfer core and provides many improvements for
website authors and user experience.
Starting with this release, Freenet / Hyphanet has an official Debian
package built automatically via github actions. This was the most
important high-impact-task and the last release blocker of version
0.8 in our Roadmap. Big thanks go to DC*!
With this finally realized, the next step is to get in contact with
the many privacy focussed distributions which build on Debian to make
hyphanet-fred
available where it is most important. Once this is
done, tools which build on Hyphanet — like FMS, but also jSite and
tools from pyFreenet — can be packaged to work out of the box, using
Hyphanet as an ordinary background service. That’s a step towards
Hyphanet as decentralized, privacy-preserving communication backend for
other applications.
Another step towards this is accepting the Schema hypha[net] to
simplify writing browser extensions that forward hypha:-links to
Hyphanet.
The networking layer was optimized significantly. Searching packet
types is often stopped early and common or cheaper checks are done
before less common or time-consuming checks. This gives significant
reductions of CPU load, especially for very fast nodes.
Juiceman fixed a bug limiting MTU to 1280 where not needed.
And recently failed and data not found cooldown times were reduced to
5 minutes and 3 minutes, reducing one of the big annoyances when
accessing a site quickly after upload.
On the data transfer layer, healing was optimized. After 1495 strongly
increased the amount of healing to keep large files available for
longer, 1498 specializes healing to keys close to the node location.
This reduces healing per file, but improves privacy, because healing
inserts are then more similar to forwarding — they mostly send data
close to the nodes location — and it reduces the network load of
healing, because the specialized healing inserts need fewer hops to
reach the optimal storage location in the network.
In addition to these changes deep down, there are a number of directly
visible improvements.
The plugins KeepAlive and Sharesite are updated (the latter now uses
the new Night Zen Garden style). The UPnP2 plugin is now visible in
simple mode. It can replace UPnP and should work better. On the
flipside the Library plugin is moved to advanced plugins, because it
does not work reliably enough.
The plugin list is easier to navigate by removing the defunct option
to download plugins from the clearnet and by adding better styling.
Downloading from the clearnet was an unnecessary privacy risk since
we’ve been bundling essential plugins with the installer for a few
years now.
The noderef for friend-to-friend connections is shown in simple mode
again, because it is robust enough with the changes in recent years.
This should remove a barrier to adding direct connections and enabling
fully confidential messages between friends.
There are new configuration options to allow connecting via local
services. That’s a step towards making it easy to add a second layer
of security, for example confining connections to a local network.
Thanks goes to s7r for these changes!
When bandwidth detection fails, the upload bandwidth now defaults to
160KiB/s. Also the NLM config is now disabled statically. This was a
testing setup which could still be active in old nodes, but it would
break connectivity nowadays.
The default bookmarks include the Opennet SeedNodes statistics,
the generate media site to create decentralized streaming sites, and
the high-impact-tasks. The bookmarks are also re-ordered to be a
better match for newcomers. Starting category: first steps, clean
spider, Index of Indexes. For the software category ordered by ease of
use from fproxy.
For website authors, more CSS elements, selectors and combinators
(:checked
, word-wrap: anywhere
, focus-within
, ^=
, $=
, *=
,
>
, +
, ~
) and additional HTML elements (summary
, details
,
<meta name="Viewport"...>
) are available. This strongly expands the
possibilities of websites authors in Hyphanet, because Javascript or
webassembly are no viable options in an environment where a privacy
breach could put people at risk. We’ve seen with Java applets, that
untrusted code will always break out of its containment. The CSS
improvements in contrast provide a safe way to enable limited
interactivity.
Streaming support via m3u lists was improved to allow accessing
segments of up to 200MiB.
And using -1
as version in a USK now properly finds version 0
, if
this is the only existing version.
There were a number of Java 21 fixes, including all our tests (thanks
to Bombe!), and improvement to the github actions (thanks to
AHOHNMYC).
In addition to that there was a lot of polish. Bert Massop and
Veniamin Fernandes replaced our homegrown CurrentTimeUTC with modern
Java options. Alex fixed the pronoun used in strings. Bombe added
getters for all direct field access in the node. Hiina reduced logging
level of store warnings so no unneeded backtraces are created for node
with large stores and Juiceman updated code to use more modern
structures.
Time-dependence of compressor selection was removed. This caused
non-determinism for inserts and could cause keys to be
non-reproducible on systems with faster or slower network.
And finally the new exe signing workflow we built to fulfill the
requirements of SignPath, our new windows installer signing provider
for the upcoming releases, runs the verify-build script on every
release to ensure that the jar we release has actually been built from
the sources. This provides a second safety net, in addition to
anonymous users running the script and posting the results (thanks to
all who did this — please keep it up, otherwise people have to fully
trust github). The release is not yet byte-by-byte reproducible,
because the jar MANIFEST defines among other info the exact java
version used to compile it, and the java version available differs by
distribution and time, so it would get harder over time to verify the
build.
A special thanks goes to Bombe for many careful reviews!
Thank you for using Freenet!
- AB
Developer changelog:
2024-04-28
Changes in 1498:
high impact tasks
merge debian package as default build action thanks to DC*/desyncr! This resolves one of our high impact tasks.
Plugins
Update KeepAlive to commit 86e47a101f26fd1d3be0437681a043aa4ae3f22c
Update Sharesite to 0.5.1
Move UPnP2 to normal plugins. It does not seem broken, but UPnP does
Move Library plugin to advanced plugins because new users tend to get lost with it
💄 Add better styling to the plugin list in winterfacey to make it easier to understand at a glance — thanks to Bombe
🔥 Remove option to load plugins from central server — thanks to Bombe! This was an unnecessary privacy risk, since we’re already bundling essential plugins with the installer, and it made plugin handling harder to understand.
Bookmarks
Add high-impact-tasks to bookmarks
Add generate media site to the default bookmarks
Add Opennet SeedNodes stats site
Reorder starting bookmarks: FFS → clean spider → Index of Indexes
Reorder default software bookmarks by ease of use from fproxy
Disable activelink for Index of Indexes (workaround, because it fails)
Optimize networking and transfer layer
break early when condition is met — thanks to Juiceman
Check the HashCode before equals. This saves ~20% method-runtime.
Re-order or’ed MessageFilters so the most likely is checked first
specialize healing to keys close to the node
fix healing decision: do not divide 0-1 by MAX_VALUE — thanks to Bombe for the review!
Reduce recently failed and data not found wait times
Filters
CSS: Fix: checked only the first char of the key part of CSS selectors, Add test that would catch too lax filtering.
CSS: Support pseudo-element checked. This enables limited interactivity via CSS.
CSS: Support the attribute selectors ^= $= *=, Add tests.
CSS: Support Combinators > + and ~, add test for ~ and simplify the implementation
CSS: Support word-wrap: anywhere and CSS selector focus-within.
HTML: allow summary and details html element. Thanks to naejadu
HTML: accept <meta name="Viewport" ...>, thanks to torusrxxx
Constants
Show the noderef in basic-mode: it is now robust enough
Configuration
accepting localhost in NodeIPPortDetector and allowBindToLocalhost configurable — thanks to s7r!
Provide static methods for simpler boolean config creation
Increase default bandwidth to 160KiB upload, when detection fails
disable setting for new-load-management (NLM broke nodes)
add utility to disable a config option, thanks to Bombe
Misc
add m3u-player insertion test: is added at end of body
[CI] Update actions, fix actions cache
♻️ add and use getters and setters for access to node fields
Increase max transparent passthrough to 200MiB links in m3u-lists.
Remove time-dependence of compressor selection. This caused
non-determinism for inserts and could cause keys to be
non-reproducible.
improve date object construction in CurrentTimeUTC.get()
Support Schema hypha[net] to simplify writing browser extensions that forward hypha://-links to Hyphanet.
polish: show datastore size warning with GiB suffix
Remove hash generation to native bi...
build01497: 2023-02-28
Freenet 0.7.5 build 1497 is now available. [overview]
This release fixes a severe vulnerability in path folding that allowed
to distinguish between downloaders and forwarders with an adapted
node that is directly connected via opennet.
This vulnerability was reported to the Project by Prof. Ming Yang and
Prof. Zhen Ling from the School of Computer Science and Engineering,
Southeast University, Prof. Xinwen Fu from the Miner School of
Computer & Information Sciences, University of Massachusetts Lowell,
and Yonghuan Xu from School of Cyber Science and Engineering,
Southeast university.
Yonghuan also provided support in fixing the vulnerability. Thank you
very much!
To reduce the probability of hitting other problems in path folding,
we also merged the pull-request to completely avoid path folding at
HTL 17 or higher.
Thank you for using Freenet!
- AB
Developer changelog:
2023-02-28
Changes in 1497:
This release fixes a severe vulnerability in path folding that allowed
to distinguish between downloaders and forwarders with an adapted
node that is directly connected via opennet.
This vulnerability was reported to the Project by Prof. Ming Yang and
Prof. Zhen Ling from the School of Computer Science and Engineering,
Southeast University, Prof. Xinwen Fu from the Miner School of
Computer & Information Sciences, University of Massachusetts Lowell,
and Yonghuan Xu from School of Cyber Science and Engineering,
Southeast university.
Yonghuan also provided support in fixing the vulnerability. Thank you
very much!
To reduce the probability of hitting other problems in path folding,
we also merged the pull-request to completely avoid path folding at
HTL 17 or higher.
Due to changes in the infrastructure, this release has to re-use the
Windows Installer from 1496, so newly installed nodes on Windows will
still be vulnerable for a few minutes after installation until they
auto-update. This should get fixed in 1498.
Besides this change, there’s a German translation fix by an anonymous
contributor: Email → E-Mail.
And a fix for a test that points towards the need to check the
compression code on newer JDKs.
- AB
[include shortlogs of any installer or plugin changes]
---
Arne Babenhauserheide (3):
Fix l10n: Email → E-Mail. Anonymous contribution - thank you!
re-add delay; check noderef to match RequestHandler.finishOpennetInner
Do not send a duplicate Ack on path folding — thanks to Yonghuan
Arne Babenhauserheide (freenet releases) (2):
Update default bookmark editions
Build 1497
Matthew Toseland (5):
Don't relay noderefs at high HTL
Don't accept noderefs either at high HTL
Missing return, oops
Comments
Replace outdated comment with an assertion
Veniamin Fernandes (1):
Fix compression result comparison in the GzipCompressorTest for newer JDKs
build01496
2023-01-07 Freenet 0.7.5 build 1496 is now available. Fix keepalive ------------- This fixes breakage in keepalive by ignoring a negative maxsize. This was broken by a fix to the client to actually honor the maxsize which was ignored before, so ignoring invalid values provides a compatibility layer for old plugins. Update translations ------------------- Imported updated translations from transifex. The biggest changes were done by the Russian team, adding or updating almost 200 translations. The German team changed over 70 translations. And 1 to 7 changes were done by teams es, fa, fi, fr, hu, it, ja, nb-no, nl, pt (br and PT), sv, zh-cn and zh-tw. A big thank you for your work! Bookmark curation ----------------- Replaced the unmaintained freemail site in the default bookmarks by a maintained one — thanks to Cynthia! Further changes --------------- - add meta charset tests - add missing test annotations — thanks to vwoodzell! Thank you for using Freenet! - AB Developer changelog: 2023-01-07 Changes in 1496: - fix keepalive regression — thanks to PlantEater for tracking it down and fixing it! - fix negative maxsize per new fetch override - also override maxTempLength - LowLevelGetException also return the throwable because the error doesnt help, the real gets hidden - update translations, thanks to the translators on transifex, especially the Russian ones! - add meta charset tests - replace unmaintained freemail site by maintained one — thanks to Cynthia! - add missing test annotations — thanks to vwoodzell! - AB --- Arne Babenhauserheide (5): Add meta Charset tests bookmarks: replace unmaintained freemail site by maintained one — thanks to Cynthia! fix: actually detect charset de-horrify test :-) CONTRIBUTING.md with easy to work with rule Arne Babenhauserheide (freenet releases) (5): update translations remove more references to Frost from translations update news Update default bookmark editions Build 1496 PlantEater (1): - fix negative maxsize per new fetch override - also override maxTempLength - LowLevelGetException also return the throwable because the error doesnt help, the real gets hidden Vaughan Woodzell (1): Add missing test annotations
Freenet 0.7.5 build 1495
2022-12-29
Freenet 0.7.5 build 1495 is now available with many improvements.
New users
There is a new firsttime wizard for single-step setup, contributed
by redwerk and finally merged after resolving dependency-requirements.
To further ease the start, the bookmarks are re-organized with
"starting points" at the top.
User experience
For integration in browser extensions, TheSeeker added support for
the schemes web+freenet and ext+freenet which do not need further
allow-listing by browsers to use.
CometZ@6DtYG~ created a new theme sky-dark-static, a clean dark scheme,
simpler than Winterfacey.
To enable more beautiful Freesites, Spider Admin, naejadu and vwoodzell
extended the CSS filter to enable sticky, transition, and word-wrap.
The m3u-player is now only inserted into sites which contain at least
one video or audio tag. When a part of a stream fails, it is now skipped,
allowing for continuous playback without user-intervention.
Performance
For better lifetime of larger files, the healing size is increased
from 16 to 256 MiB, so a 512 MiB file will keep working if accessed
once every 10 days. To keep alive files explicitly, you can use the
keepalive plugin.
And the pending keys optimizations by Eleriseth should reduce the CPU
load on very fast nodes with many peers.
Further technical improvements
- finally merged the HashingAPI by unixninja92, a GSoC project that had
gotten lost in the pull requests. This provides an easy and
well-tested way to create and verify different types of Hashes from byte
arrays, including Sha256 and TigerTree.
#258 - old announcement fixes by toad were finally merged
- unit tests were upgraded to junit4, thanks to vwoodzell!
- the client getter method now honors the max size argument
Thank you for using Freenet!
build01494: 2022-06-25
Freenet 0.7.5 build 1494 is now available.
This build improves four broad areas:
- streaming on demand,
- configuration,
- security, and
- bugfixes.
Streaming provides improved video and audio:
Video sizes are more robust when the size changes between subsequent videos.
Audio tags no longer try to display the overlay.
This finally enables convenient Samizdat Radio
To help modernize the configuration of existing nodes,
Freenet now shows a user alert once every Freenet update if the datastore is
below 10% of available space with a link to the store size wizard page
to make it easy to increase the store. Thanks to Trivuele!
Also the bandwidth settings now parse the bit suffix correctly
(lowercase b in kbps is bit, not byte).
The security received improvements both for friend to friend mode,
for opennet, and to tools for Freesites:
Friend-to-Friend mode now randomizes pitch black defense times
and waits at least 12 hours between pitch black mitigations
to prevent timing attacks.
Opennet is hardened by disabling the write local to datastore
functionality when opennet is enabled; it can be useful on a
small darknet, but on opennet it makes it easier to find downloaders.
Thanks to Trivuele!
Also a FOAF mitigation was fixeb that wasn't operational, because it lacked
a conversion to percent. Thanks to freedom-of-depression!
The /imagecreator/ tool, among other changes, now ensures
that requested image sizes are sane — thanks to Oleh from Redwerk
Finally it’s now easier to build fred without network access. Thanks to Trivuele!
In addition to these improvements, bugs got fixed:
- fix build with modern Java: add opens jvmargs on java 17.
- remove Frost on ChatForumsToadlet from non-updated translations
(removed 2019 from the original english). - fix parts of the German translation.
- Do not store blocks in the cache, if they are eligible for the store
(should increase usable cache size). Thanks to Trivuele!
A big thank you to all contributors and reviewers
for getting this release in shape!
And thank you for using Freenet!
- AB
Developer changelog:
2022-06-24
Changes in 1494:
-
Show a user alert (once every Freenet update) if the datastore is
below 10% of available space with a link to the store size wizard page
to make it easy to increase the store ― thanks to Trivuele -
Do not store blocks in the cache, if they are eligible for the store
(should increase usable cache size) thanks to Trivuele -
m3u-player: more robust sizes, do not use overlay for audio. This
finally enables convenient Samizdat Radio -
randomize pitch black defense times and wait at least 12 hours
between pitch black mitigations to prevent timing attacks -
bandwidth settings: parse bit suffix correctly
-
improve /imagecreator/ thanks to Oleh from Redwerk
-
Disable write local to datastore functionality when opennet is
enabled; it can be useful on a small darknet, but on opennet it
makes it easier to find downloaders. thanks to Trivuele -
make it easier to build fred without network access thanks to Trivuele
-
fix build with modern Java: add opens jvmargs on java 17
-
fix: a FOAF mitigation wasn t operational, because it lacked a
conversion to percent. thanks to freedom-of-depression -
remove Frost on ChatForumsToadlet from non-updated translations
(removed 2019 from the original english) -
fix parts of the German translation
-
AB
Arne Babenhauserheide (12):
randomize pitch black defense times
remove unnecessary import
remove more unnecessary imports
use UTC clock
wait at least 12 hours between pitch black mitigations
bandwidth: parse bit suffix correctly
fix parts of de-translation
remove Frost on ChatForumsToadlet from non-updated translations (removed 2019 from the original english)
add opens jvmargs on java 17
m3u-player: more robust sizes, do not use overlay for audio.
remove old unconditional logging line that has been ignored for a decade now and pollutes the log
change misleading naming — thanks to Steve for the review!
Arne Babenhauserheide (freenet releases) (4):
Update default bookmark editions
updated NEWS
updated NEWS
Build 1494
Oleh Shklyar (12):
allow /imagecreator/?width=200&height=100&text=200x100 url from freesites
Path availability Fix (using link filter)
Validate image size
Optimization of maximum font size algorithm
Validate image size
Clean
Clean
Timestamp
ImageCreatorToadletTest
Removed alignment using spaces
To date, there is no reason to open access
Reducing opened API
Trivuele (6):
Make it easier to build without network access
Allow only doing a single wizard step
User alert if datastore is below 10% of available space -- rebased without new datastore settings
Disable write local to datastore functionality when opennet enabled
Nothing ever triggers onAbortDownstreamTransfers()
Stop storing blocks twice
freedom-of-depression (1):
fix FOAFMitigationHack
What's Changed
- Allow ImageCreator url from freesites by @Olezha in #682
- randomize pitch black defense times by @ArneBab in #747
- bandwidth: parse bit suffix correctly by @ArneBab in #764
- Propagate translation changes by @ArneBab in #767
- m3u-player: more robust sizes, do not use overlay for audio. by @ArneBab in #768
- add opens jvmargs when building on java 17 by @ArneBab in #769
- remove old unconditional logging line that has been ignored for a dec… by @ArneBab in #770
- fix FOAFMitigationHack by @ArneBab in #772
- Trivuele batch 1 v3 by @ArneBab in #776
- Stop storing blocks twice by @ArneBab in #779
Full Changelog: build01493...build01494
testing 1494 pre-1: optimization and safety
1494 Testing release
build01493: 2022-03-28
Freenet 0.7.5 build 1493 is now available. [overview]
This build provides four core improvements:
- Curated default bookmarks, including an actively maintained index and Shoeshop for sneakernet
- Better peer scaling for very fast nodes
- Updated defaults to adapt to the higher capacities of modern systems.
- Compatibility with Java 17, first in the installers, with the following update for all nodes
The curated default bookmarks provide a much better first-start
experience. Previously new users saw mostly outdated sites in
inactive indexes.
Adding Shoeshop to enable sneakernet which can connect separate
Freenet networks even if no internet connection can be established
now provides all the tools for selfpublishing, not only in the
style of publishing an online blog (which is already easy with
Sharesite) or sending a file to an independent printer, but in the
much more self-reliant style, resourcefulness and rebellious spirit
of classical samizdat.
Adjusted peer-scaling fixes a conceptual problem: Fast nodes could
not utilize their bandwidth well enough, because the previous
peer-scaling did not take the aggregated bandwidth limit of the
peers into account. Now very fast nodes have linearly scaling
peer-counts to make it more likely that the capacity of their peers
added together matches the capacity of the fast node. The absolute
upper limits stay in place, because they are needed to preserve
privacy. There are also no changes to the peer-scaling of slower
nodes.
The fixed scaling should improve the performance of the whole
network because it avoids creating artificial bottlenecks.
Changes to the defaults are a doubled thread limit of newly
installed nodes (increased from 500 to 1000), with the stack size
per thread reduced by half to avoid higher memory consumption, the
datastore size is increased from 20GiB to 100GiB, because SSDs are
much faster and more resilient than before, and the default
bandwidth to offer if the actual speed cannot be found is doubled
to 32KiB/s.
These newer defaults should also improve the first-time user
experience.
Compatibility with Java 17 took longer than we hoped, because it
required deploying a newer wrapper and changes to the classpath.
This makes it easier to support packages for modern Linux, and it
should avoid losing nodes when Java updates itself (starting from
the next update this also applies to existing nodes; we have to
deploy the update code in 1493 so it can run during the update to
1494).
All together these changes should improve the user experience for
new people, give sneakernet the visibility it deserves, and
increase the performance of the network as a whole.
And last, but definitely not least, our translation team at
transifex updated enough of the the German, Persian, Finnish,
Italian, Japanese, Norwegian, Portuguese, Russian, and Swedish
texts in Freenet that we can ship the new versions. Thank you
very much!
That Freenet can keep moving forward and help people worldwide to
exercise their basic rights and freedoms is the work of amazing
volunteers, both contributors and people running Freenet nodes.
Thank you for your contributions, and thank you for using Freenet!
- AB
Developer changelog:
2022-03-28
Changes in 1493:
-
Update the wrapper files in dependencies.properties to 3.5.30
This change sets a consistent wrapper-version for Windows, *Nix, and
also OSX, thanks to operhiem1 for the review -
Pseudonymous people found found a bug in our splitfile inserter that
TheSeeker tracked down to its source. It threw an exception if the
checksum was exactly [0,0,0,0], thanks to operhiem1 for the review -
Update default bookmarks: Replace inactive indexes, add Shoeshop,
show active sites first. Thanks to AC4BB21B for the review! -
Fix FreenetURI intern() to not forget edition of USK — thanks to
debbiedub! -
Replace Pointer.SIZE with Native.POINTER_SIZE for JNA 5.x — thanks
to Leo3418 and Bombe -
fix peer scaling for very fast peers:
Very fast nodes have more peers to fix a conceptual mistake
(did not take the aggregated bandwidth limit of the peers into account).
Thanks to TheSeeker for the review! -
more resilient noderef parsing for easier friend-to-friend connections
try replacing spaces by newlines in noderefs when parsing fails -
Accept FreenetURI in add peer field; only try regular url on failure
— thanks to desyncr for the review -
Add warning about surveillance through voice recognition tech
-
Updater changes to add Java 17 support for existing nodes to
wrapper.conf (required module opens for Java 17 to wrapper.conf)
during the following update (to 1494) -
add output of filtered file to the OggFilterTest
-
Installer changes:
- Java 17 support
- increase default datastore size to 100GiB, because SSDs are much
faster today - Set standard thread limit to 1000
- decrease default thread stack size for reduced memory usage
(512KiB) - Increase default bandwidth to 32KiB/s. This should improve
performance for new nodes where UPnP does not give the speed.
thanks to operhiem1 for the review
-
AB
Changes in the installers:
java-installer:
Arne Babenhauserheide (8):
wrapper.conf: open the modules required for Java 16 and Java 17
wrapper.conf: increase count for commented out args, too
decrease per-thread stacksize to 256k
Get and load sharesite by default instead of ThawIndexBrowser
increase default max memory limit to 768 for computers with more than 4GiB of memory
fix: no equal sign after Xss
512k thread stack
update wrapper.jar, binaries and libs to upstream version 3.5.30
update jna on classpath when run without wrapper to 4.5.2
Arne Babenhauserheide (freenet releases) (3):
Merge branch 'TheSeeker-patch-1' into next
Merge branch 'next' of github.com:freenet/java_installer into next
detect Java 9 to 18
TheSeeker (1):
update jna dependency versions
wininstaller-innosetup:
Arne Babenhauserheide (8):
Update wrapper.conf
decrease per-thread stacksize to 256k
fix: no equal sign after Xss
only set Java 9+ options on w64
also lookup java 64 under non-explicit 64 key
allow 1024 MiB of memory on a machine with more than 4GiB
update the wrapper to the build with Java 9+ support created by Steve in 2018
remove 32bit note for Java installer (because it is no longer correct)
Arne Babenhauserheide (freenet releases) (11):
Update bundled JRE to 10.0.2 for Windows x64
reference zip, not exe
declare var
{tmp}\ so this is not empty
note why zip
Merge branch 'innosetup-windows-x64-support' of https://github.com/desyncr/wininstaller-innosetup
Merge branch 'desyncr-innosetup-windows-x64-support'
end line with carriage return newline
update FreenetTray.exe to version from cc614654fe8a4ae1a22db9b67b7bdf012268590c support-java-registry-with-JRE
Merge branch 'master' of github.com:freenet/wininstaller-innosetup
note that gh actions runs can be retriggerd
DC* (6):
Reference bundled zip for extraction
Fix syntax error
Simplify command and remove unnecessary compression
Mistakenly removed fred_deps.iss
Pre-unpack jre zip before creating installer
Merge remote-tracking branch 'origin/master' into innosetup-windows-x64-support
Changes in fred:
Arne Babenhauserheide (33):
add output of filtered file to the OggFilterTest
fix peer scaling for very fast peers:
correctly mark bytes with uppercase b
fix: apply max peers after increasing targetPeers for fast nodes
add voice recognition warning
try replacing spaces by newlines in noderefs when parsing fails.
Accept FreenetURI in add peer field; only try regular url on failure
note effectively published field
actually replace instead of doing the wrong thing
actually working more liberal noderef parsing
add max size to the fetched noderef
add required module opens for Java 17 to wrapper.conf
increase default datastore size to 100GiB, because SSDs are much faster today
Set standard thread limit to 1000
Use Logger instead of System.out.println
make the 50% slow fraction assumption explicit
break long line
log after setting limit for consistency
update NEWS
update default bookmarks.
update NEWS
Increase default upload bandwidth if none detected to 32KiB/s
remove options with duplicated upload bandwidths.
delete l10n for no longer existing bookmarks
Add fetchpullstats to the bookmarks
Move inactive flogs to the end of the flog list
fix: this threw an exception if the checksum was exactly [0,0,0,0].
Update the wrapper files in dependencies.properties to 3.5.30
1493 NEWS
1493 NEWS
fix: NEWS structure was broken
typo
cleaner NEWS description and remove duplicate entry
Arne Babenhauserheide (freenet releases) (7):
Update default bookmark editions
Update default bookmark editions
Update default bookmark editions
Update default bookmark editions
NEWS changes
Update default bookmark editions
Build 1493
Debora Wöpcke (2):
Add test to verify that intern() does not modify an USK
Correct so that FreenetURI intern() doesn't forget suggestedEdition
Yuan Liao (1):
Replace Pointer.SIZE with Native.POINTER_SIZE for JNA 5.x
build01493-pre1
Merge branch 'next' of github.com:freenet/fred into next
Freenet build 1492: video, diagnostics, pitch black mitigation, and plugin updates
Freenet 0.7.5 build 1492 is now available. [overview]
This release finalizes the mitigation of the pitch black attack
with a test that shows that the mitigation is effective at
reducing the impact of the attack and recovering from it.
This mitigation was sponsored by nlnet as part of the
Horizon 2020 program of the EU: https://nlnet.nl/project/Freenet-Routing/
The video-player was optimized to prevent most visual flickering.
To help performance analysis, there is now a diagnostics component
with thread runtime information. You can activate it in the advanced core settings of your node.
Thanks to DC*.
And several plugins received updates:
- KeyUtils got bugfixes from TheSeeker
- Library now searches all indexes if you just hit search — thanks to redwerk.
- Library now also allows setting a custom link suffic (docname) — thanks to TheSeeker.
- Spider got bugfixes from redwerk and juiceman.
- FlogHelper provides simple clickable audio and video tags.
Just put a m3u link into the video tag to have video-on-demand.
Included Bugfixes if fred (the Freenet Reference Daemon):
- skip in support.io.SkipShieldingInputStream must return
non-negative. Thanks to dennisnez. - NodeConfig was reading a particular config from default on every
start up. Thanks to desyncr. - OpenJDK 16+ compat: add wrapper.conf argument to allow access to
internal openjdk modules. - Correct "current size" option in Wizard => datastore size.
Thanks to AC4BB21B.
Sidenote: What is the pitch black attack?
On Freenet, every node has a location on a circle.
To optimize routing, pure friend-to-friend nodes (no opennet)
swap these locations (without changing connections).
The pitch black attack steals the locations one by one
and replaces them with a single one,
so that after a while all nodes are at the same location.
Then no sensible routing is possible anymore.
The mitigation detects when parts of the circle are devoid of routing nodes
and fills up the holes by switching there.
If you want to help us get better, please help us get the current
pending pull-requests in shape for merging, by reviewing and/or by
improving already reviewed but inactive pull-requests
(only on clearnet, because the pull-requests are there):
https://github.com/freenet/wiki/wiki/Large-Pull-requests-that-need-work
We now also have a list of high-impact tasks:
USK@xPkwhS3czAr5oi6yNgLQ7Ld7RbUZuY6eGniS0n5FZtc,WXVIZrZyLlZugJgJKYvbF9SPfKAUAQX9gAX6g7FGNVE,AQACAAE/high-impact-tasks/0
That said: If someone asks you "what is Freenet", you could for example answer:
Freenet is a peer-to-peer platform for
censorship-resistant and privacy-respecting
publishing and communication.
or
Freenet is a communication system that covers the needs for protection
expected from a secure data broker for Multi-Party Data Exchange in IoT for Health.
(source: https://www.igi-global.com/chapter/using-freenet-as-a-broker-for-multi-party-data-exchange-in-iot-for-health/257911 )
This is what Freenet already accomplished.
And we could only get this far together, because without users,
it is hard for sofware to make a difference.
Thank you for using Freenet!
- Arne Babenhauserheide
Developer changelog:
2021-10-27
Changes in 1492:
Fred:
-
The diagnostics component provides thread runtime statistics. Thanks to DC*.
#727 -
The multi-node test to show that the mitigation against the pitch
black attack works.
#736 -
The m3u-player for video on demand over Freenet now prevents most
visual flickering.
#734 -
Clickable labels for checkboxes. Thanks to AC4BB21B.
#741 -
Fix: skip in support.io.SkipShieldingInputStream must return
non-negative. Thanks to dennisnez.
#737 -
Fix: NodeConfig was reading a particular config from default on every
start up. Thanks to desyncr.
#739 -
OpenJDK 16+ compat: add wrapper.conf argument to allow access to
internal openjdk modules.
#740 -
Fix: Correct "current size" option in Wizard => datastore size. Thanks to
AC4BB21B.
#742
Plugins:
-
KeyUtils:
Fix API call to allow compiling, and
Fix extra bytes display for composed SSK.
both thanks to TheSeeker.
hyphanet/plugin-KeyUtils#17
hyphanet/plugin-KeyUtils#16 -
Library:
search with unchecked boxes thanks to redwerk
hyphanet/plugin-Library#14 -custom index docname thanks to TheSeeker
hyphanet/plugin-Library#18 -
Spider:
Fix writing to the bucket and Replace SortedIntSet thanks to redwerks
hyphanet/plugin-Spider#6Fix build thanks to Juiceman
hyphanet/plugin-Spider#5 -
FlogHelper
Add new media tags in tool menu: audio and video thanks to
AlexandreRio
hyphanet/plugin-FlogHelper#19
(you can simply set an uploaded m3u file as as source of a video
and it will show up on your flog as video on demand)
related: Florent fixed our website build (Thank you!), so we can release
there again. I polished our theme and the messaging on the index-page.
https://freenetproject.org/
- Arne Babenhauserheide
Arne Babenhauserheide (20):
Update FlogHelper to version 36
m3u-player: prevent flickering on track-transitions by keeping the size fixed and overlaying an image of the video
Add real node pitch black mitigation test
pitch-black-mitigation: prevent undamped oscillations of the pitch-black-mitigation
document pitch black node test
fix error-prone clock usage
OpenJDK 16+ compat: add wrapper.conf argument to allow access to internal openjdk modules
wrapper.conf: only add --illegal-access=permit on java 9+
refactor (pull out function) and fix the width for even less flickering
make size preservation robust and flexible
use real sizes for canvas
simplify fixing the size during updates
alwag, always divide by explicit floats
add error handling
fix: supports modules should be true when the threshold version (9) is smaller or equal to the current version
Add note about RealNodePitchBlackMitigationTest.java to the simulator/readme.txt
add a SECURITY.md
note that there are no known unfixable identification attacks against F2F-mode, note sybil and restructure a bit
improve SECURITY.md
SECURITY.md: typo: tipps -> tips
Arne Babenhauserheide (freenet releases) (7):
update KeyUtils to 0.5.6 v5028 from commit 4c0b6e11ac66e781dbcb5a9a1ddabf351629c6b6
update Library to 37 from commit cd45f9a5634c82e693d5fe1a870ad6120b9fe980
update Library to 53 from commit c5367b4ceffb2f9a011d68cae0bb205933fe6033
update FlogHelper to actual 36 from commit 085e4edff9d96c344168bf983c27056a869f5770
Update default bookmark editions
Update default bookmark editions
Build 1492
DC* (56):
Add thread cpu to diagnostics
Add NodeDiagnostic module with NodeThreadDiagnostics
Don't use single class imports
Fix indentation
Don't use single class imports
Create Diagnostics component to be able to scale to support multiple diagnostics easily
Add license headers to new files
Move thread info building into its own method
Make NodeDiagnostics field private
Flatten NodeDiagnostics interface
Flatten NodeDiagnostics interface
Create NodeDiagnostics and ThreadDiagnostics interfaces and default implementations
Reduce visibility for fields in ThreadDiagnostics
Use atomicReference for nodeThreadInfo list
Use thread interval to build data points
Fix calculation CPU time percentage
Use NodeDiagnostics type interface rather than default implementation
Use DefaultNodeDiagnostics implementation
Remove unnecessary finals in contructor
Remove unnecessary throw exception
Remove unnecessary copy
Fix CPU time percentaje calculation
Use Comparator class to simplify threads sorting
Use single loop to calculate delta and display
Rename private field to follow convention
Show percentage cpu time between process threads
Separate presentation from actual data for NodeThreadInfo
Compute % CPU by calculate the total CPU time from all threads, not only nodestat's
Renaming internal variables
Re-introduce delta CPU Time and simplify code structure
Output formatting in DiagnosticToadlet
Handle case when thread.getThreadGroup returns null
Remove long -> double coercion Purge inactive threads from threadsCpu list
Use NodeThreadSnapshot to hold thread list, total CPU and interval
Update ConfigToadlet to support enabling/disabling node diagnostics module
Avoid unnecessary casting to double for getCpuTimeDelta
Declare interface rather than implementation
Clean up nodeConfig callback
Update configuration description
Check thread snapshot is available when displaying
Simplify description and normalize names
Clean up unnecessary space
Correct language and simplify terms
Fix grammar mistake on translation for DiagnosticsDescription
Calculate CPU time as % of wall time
Avoid possible race condition on start up
Add docblock to threadStats method
Fix tab vs space mix up
Remove unneccessary code style fixes
newline at end of line
Create threadSnapshot inner class to avoid pooler executor messing thread'...